This is great news indeed, glad you added that feature!
This is especially interesting for me, because I’m:
1) A usability consultant for KDE in my spare time
2) A researcher in the field of “usable security”, with my research focus on – and here comes the kicker – users’ reactions to potentially dangerous (e.g. scam) online messages.
So I have read a bit of literature about this topic.

Here are some points that came to my mind immediately:
- I agree with Robert that the detailed explanation would be of little use for average users since it mostly consists of technical terms. Here’s a suggestion for a – longer but probably better to understand for non-technical people – alternative message:
“This email contains a link which points to a numerical IP address instead of a typical textual website address. This is often the case in scam emails”
- The link to the details should ideally be positioned near the warning message instead of near the actions, because users ask themselves why the message appeared when they read it, not when they have to make a decision. Plus, all the other buttons are actual reactions to the warning, whereas the details have to be seen _before_ choosing the appropriate reaction, so it doesn’t really fit in with them.
- Perhaps even more often than in the link title tag, the URL which the scammers want to make recipients believe the link is pointing to is in the link _text_ (between the <a> and </a> tags). So if you find a URL there which differs from the one in the href, it’s likely that you’re looking at a phishing or other scam mail.

I’d be glad to provide further input and I could even evaluate the warnings in a scientific study at the university (in fact, we’ve already done studies quite similar to that).
So if you’d like to cooperate with me/us, just send an email to the address I provided with this comment.
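
The two heuristics discussed in the comment above (a link whose href points at a numerical IP address, and link text that shows a different host than the href) as an added Python example; it is not KMail's code and not part of the original comment. The names `LinkAuditor` and `audit`, the host-matching regex and the sample HTML are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host-like strings in visible text such as "www.mybank.example" (heuristic).
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def norm(host):
    return re.sub(r"^www\.", "", (host or "").lower())  # compare without "www."

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

class LinkAuditor(HTMLParser):  # records (href, reasons) per suspicious <a>
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            href, self._href = self._href, None
            target = norm(urlsplit(href).hostname)  # "" for mailto: or no href
            reasons = ["numeric-ip"] if is_ip_literal(target) else []
            claimed = {norm(m.group(1)) for m in HOST_IN_TEXT.finditer("".join(self._text))}
            if target and claimed and target not in claimed:
                reasons.append("text-mismatch")
            if reasons:
                self.findings.append((href, reasons))

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings

SAMPLE = ('<a href="http://192.0.2.10/login">Click here</a>'  # constructed input
          '<a href="http://evil.example/x">https://www.mybank.example/login</a>'
          '<a href="https://www.kde.org/">kde.org</a>')
```

`audit(SAMPLE)` reports the first two links and leaves the third alone, because the host shown in its text matches the href once the leading "www." is ignored.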

Hi Laurent
As the reporter of https://bugs.kde.org/show_bug.cgi?id=307818 I’m of course very glad to see this post, and you have made an even bigger effort than I expected. Kudos for that.
One small thing, which is perhaps the most simple, is if KMail now shows the actual href in the status bar when hovering a link, instead of the title?

@Raul Fernandes: “One thing that you could add is if the email has an empty image.” they used a URL on this image?

@Filippo: “blacklisted email addresses;” yes, I will allow creating a filter to move it to the trash directly
“search the email for words that commonly appear in phishing.” we need a list of words for each language; not sure if there is a database for it.

@Robert: no, we need to improve it

@Thomas Pfeiffer: “This email contains a link which points to a numerical IP address instead of a typical textual website address. This is often the case in scam emails” thanks, I will replace it with this
“The link to the details should ideally be positioned near the warning message” will look at how to implement it
“just send an email to the address I provided with this comment.” will do

@Thomas Tanghus: hi, yes, of course it shows the href in the status bar; it was the initial bug and it was fixed in 4.10.2

Concerning blacklisting/whitelisting: that was requested already for HTML e-mails – mentioned somewhere in another bug, but it looks like it was never considered.
Background: I want Plain Text as default, but for certain senders (especially newsletters) I would like to get HTML enabled automatically.
So if you are on black/whitelisting scam it would be great to see this for HTML, too (if it is possible…)

@gronzo: “blacklist email”: here it’s for moving it directly to the trash (when we define that this email sends scam email, we move it to the trash).
Your request is for showing or not showing the HTML version by default. It’s another feature, but yes, I will look at it.